 So, secure shell as root user into the computer identified by the IP address for your droplet. Press enter. Are you sure? Yes, I'm sure. You actually have to type yes. Root password should be in the email that you received. It's a long one. And the system automatically says, ah, change your password. So now's a good time to change your password or you must type in the one that was in the email and then select a new root password. Of course, if you're new to Linux, you don't see the password being typed. You don't even get stars or anything, but it's actually being typed. Choose a new one and then you should get the prompt to say you're logged in. How do you choose a password? Remember, these computers are on the internet, publicly available 24 hours a day. So you want them to be secure. You don't want to choose a password that someone can guess, okay? So choose a good password, not one that you will forget and not one that someone else will guess. And don't tell anyone else. Don't even tell me, okay? There's no need to. Okay. What's your email again? Okay. I got it. Okay. I forgot to do yours. I need to create one more droplet for someone else, so bear with me. If you're experienced with Linux, you can do some things here, but otherwise just wait and we'll run the commands together. Just sending now. Okay. I'll just send. So you should get an email in a couple of minutes from Steve.sit. So now we're logged into our droplet. Remember the prompt user name, root, who's like the administrator user at Steve, yours is at your computer name, which is your name, and the prompt hash, you get it? Yep. Okay. Let's do some basic things. If you want to change the password, what do you do? You've already changed it to start. The command to change the password is pass wd. You don't have to do it. And I don't suggest doing it now because you've already set the password once. Don't set it again. But later, if you want to change your password, when you're logged in as that user, pass wd, short for password. What's the name of your computer? Well, mine is Steve. That's called the host name. We can change that. And let's do it now. Let's choose a different name. And some of the commands that I'm doing here are not the only ways to do it, but just easy for us to do for the demo. You can choose a name. So I'm typing echo, and then I choose a new name. Okay? You choose a different one. It doesn't matter. You can keep it the same, but I'll just show you how to choose it. Echo means display the name, the name you want, redirect that into the file name called hostname, which is a special file that stores the name of this computer, the host. Remember, you can copy and paste from the terminal that you see from my screen if you want. And just change. Try not to copy everything I do. You don't have to give it the same name as mine. Okay? Not so important, the hostname. We can update the current hostname. If we reset or reboot the computer, the new one would come, but let's do it now. Let's set the hostname to the new one. That's just a refresh. If we log in and log out again, we should see the new hostname here. We'll see that later. Check your IP address. In Linux, to check your IP address, you can run ifconfig. And the interface that we're using is called eth0. Ifconfig eth0, and it should show some information about your IP address and other stuff. Presenter, ifconfig, a lot of stuff, a lot of information there. The main thing that we want is your INET address, your IP version 4 address. And also, it's nice to know your IPv6 address, INET6 address. There are two INET6 addresses. There are two lines. One of them has a scope of global. That means it's a globally unique IP address. It's a public IP address. We'll need to record that. So if you need to find your IP address, you can find them from ifconfig. But you can also find them in the email that was sent to you. What we're going to do is add these IP addresses, your IPv4, IPv6 address, to a host file, a file that maps that address to your hostname. If you can't remember those values, I can't. You can copy and paste them, or you can find them in the email that was initially sent to you. That may be easier. We want to add them to what's called the hosts file. Nano is our text editor, nano slash etch hosts, clear, so it's at the top. Nano etch hosts, press Enter, and we want to add some lines into that file. No need to change all of them, but we'll add some lines in. You see the format is quite simple. IP address, hostname or hostnames, tab or space separator. Think of it as two columns, really. Sometimes we have two hostnames. We want to add or first change the one that was your name. If you change your hostname, there's no need for two occurrences. Mine was called Steve. I'll change it to, what did I change? FreeTech. We have to do that manually, to the name of your host. And then do it also for your real IP address, this address that was seen in IF Config, or maybe easier that's in the email that was sent to you. If you go back to your email, you'll see the IPv4 address, copy and paste it here, and also your IPv6 address. So in my case, I received an email, I have the IP address, I copy that and I paste it here and tab, also add the name FreeTech. And then do the same for your IPv6 address, that big long one. You don't need to copy that slash 64, doesn't matter if you don't know what the purpose of the address is, especially IPv6. Some of us haven't covered that before, but we'll put it in anyway. Copy that up to the slash, remember, select, middle click to paste, FreeTech, or your name, your hostname, sorry, your hostname. Yell out, put your hand up or make some noise if you have problems, otherwise we'll just keep going. And that's it. We're saying that the mapping from this hostname, this hostname maps to these particular IP addresses. This is a local IP address. These are two global IP addresses or public IP addresses, one IPv4, one IPv6. Not so important, but it's useful. Save the file. Control X, save, press yes, file name to write, ETC host, press enter, don't change anything, and you're done. Just check to see the actual contents of the file again, cat. Make sure the change applied. Cat displays the contents of a file. What's the time? Anyone? To see the time, type date. It's Friday, August 1st, 3 a.m., okay, wrong time zone. So date shows us the date and time by default. Let's set the time zone, all right, so this is the wrong time for us. Well the reason it's wrong is the wrong time zone. So let's set the time zone. And here's a way to set the time zone. We reconfigure the program called time zone data, tz data. D package dash reconfigure tz data. That's going to allow us to reselect the time zone that we want. Press enter, and then choose the time zone you want. And I suggest choosing your, our time zone, Bangkok, okay. Even though our server is in Singapore, I think for you it's easier if you use the time zone on the server as the time zone as to where you currently are. So once you get that, you'll get some nice graphical user interface. Allows you to choose the area and the city, Bangkok. Press enter, and now you see, and if you run date again you'll see the time. It's 2 p.m. Bangkok. You can choose another city if you like. Try it again if you want, Bangkok, enter, Asia, there's somewhere, okay. Okay, time zone, let's keep going. We've got, when we install the operating system some basic software is already installed. But sometimes it's the old version, sometimes there's a newer version. So what we want to do is update the software on our operating system. And in fact we'll install some new software in a moment. So to update in Ubuntu Linux, we use the program called AppGet. AppGet, or APT is what we call the package manager. Software is referred to as packages. On your Android phone you use Google Play to install your software. Well, which has a large repository of software. Here we use AppGet to install and update software. So AppGet, first we update, which updates our list of software. Press Enter, something will scroll through, take a bit of time maybe. Update, get update. It downloads some lists of software and then will upgrade our software. Who has an Apple computer? Yes, where do you get your software from? The Apple store. So that's a repository of software. The same thing in Ubuntu Linux is a repository, like a large database of software. And we can install software from that repository. The update updates our list of software. Downloads from some servers. Some of them take longer than others. Waiting, waiting, okay. No errors. Now we upgrade the software. Upgrade, Presenter. This actually upgrades the current software installed on your computer. AppGet Upgrade, Presenter. And it prompts you, if you scroll, you'll see that what it's really saying is, I'm going to upgrade all of these software packages. Some of them will make sense, some won't. I'm going to upgrade MySQL Client to version 5.5. I'm going to upgrade the language selector common software package. Yes, let's upgrade them all. Press Y and Enter. It downloads the software that it's going to upgrade. Downloading, and now it starts installing the new software. Takes a couple of minutes. Most operating systems now have a repository to manage their software. It's coming. Once we have upgraded, we'll actually install some new software. Just a few things that we may use or you may use based upon what we've done in previous workshops. It's going, it's almost there. After we install some new software, we'll add a new user. Currently, we're logged in as root user, the admin user. It's bad practice to do everything as the administrator. We should create a normal user and log in as that normal user. So we'll set that up before we reboot our droplet, our virtual private server. It's getting there. Some people may be finished. Okay, we're done. I'm done. Now install some new software. And I'm not going to explain the new software we're going to install. We may use it later. We used it in some of the previous workshops. I'm going to copy and paste from the website so I don't get it wrong. Okay, so from the web page, copy and paste the command to install new software. And it's something like this. App to get, same software, same program to update software. Install, and then the whole list of names of software that I want. So I copy and paste that from the website. App to get, install, and then list of software. Press Enter, and that will download and install that software. You don't necessarily need all of this. Some of them are things that we have used in the past. Some may be useful on your server. There's some software to unzip and zip files. There's some software for converting images. There's some network management software. Press Yes. It downloads the software packages, and then it will eventually install them. Okay, done. Let's add a new user. So we're currently logged in as root, as we see in the prompt. Or who am I? I'm root at the moment. Let's add a new user. Add user, and now choose a username. I suggest your name. Don't use my name. Add a user, and it'll prompt you for some information. Choose a password for that user. Different from your root password, preferably. Can everyone remember two passwords? Retype it. If you mistype, it will give you some error. Unsuccessful. Just press something and give the wrong password. See what happens. Press Enter. Enter again. No. We will delete your user. So add the user, and then use DEL user to delete the user. And then add a new one. Okay, you're right. Type in your details. You don't have to give them optional. If I can type. Press Enter if you don't want to give your room number. Is this information correct? Yes, and Enter. So this adds a new user to the system. Don't worry about the room number and so on, okay? Now, so we now have two users. We have the root user who's the full administrator. They can do everything they want. Now we have your own normal user. They can only do things in their own account. They are limited in what they can do. They cannot install software. They cannot change system files. But what we'd like to do is never use the root user and give permissions to this new user to do a few admin things. And in Ubuntu and some other Linux systems, in Windows, how do you do it? When you're logged in as a normal user in Windows, some programs need to be run as administrator. And I haven't used Windows for a long time, but there used to be some menu item you can right-click on an application and say run as. That'll run that application as a particular user like the administrator. So there's that feature to, when you're logged in as a normal user, run as the administrator. In Ubuntu Linux, that feature is called sudo. Instead of run as, super user do. Do this as the super user. Super user, in our case, think as the root user, administrator. So there's this thing we see as sudo. What we need to do is allow our new user to do sudo. And the way that we do it is we add our new user, Steve, in my case, to the group called sudo, a special group. Effectively, Steve will become an administrator. That is, they can do everything that the root user can do, but they're not the root user. And there's some benefits of doing it that way. User mod adds to group sudo, Steve, or your username. We'll test that later. Soon we'll test it, not yet. Last thing before we reboot and get back to our normal user. You logged into this machine as the root user, but we now have created a new user, and from now on we're always gonna use that new user, not the root user. We'll never log in as the root user. In fact, what we're gonna do as a security measure is restrict log in so that the root user cannot log in. The benefit is that your server is on the internet. If someone finds your IP address, and there are different ways to do it, then what normally happens is that malicious people out on the internet try to log into your server. They know your username, it's root. All they need to do is guess the password. Well, what do they do? They just make multiple attempts, keep making attempts. Root, username root, password, ABCD. Username root, password, keep trying different passwords. And I know everyone here shows very long, random passwords, but some people don't. And therefore, those people out on the internet, the malicious people will get access to your account. So what we'll do is stop it so that the root user can no longer log in via a remote connection. They cannot secure shell in. Only the normal user can, which makes it a little bit more secure. How do we do it? Well, we need to set up the secure shell server to do it. Again, I'm gonna not explain it, but copy from the website or from the terminal as I type. It makes a change to some config file which was permit root login to yes, it did allow root login, and it changes it to no, so it no longer allows it. Set is just a search and replace type program. Search for this string in this file and replace it with this other string. You can do it otherwise, but it's just a quick way to do it. Press enter. You should see no feedback, which means everything's okay. As long as you're copied and paste correctly. And now we're ready, if everything's correct to reboot and then we'll log in as the new user. So to reboot, type reboot. Really, you should do some further testing to make sure that it's working properly and the new user works, but we will do it quickly and just reboot. It automatically logs you out, so now you're back logged into your computer, you're the terminal of your computer, and it takes, I don't know, a minute or so to restart that virtual machine and then log in as your new user. Instead of as root, same IP address, but new username, secure shell steve at IP address or your username at your IP. And it will prompt for your new user's password. And now we're logged in and you should notice your hostname has changed to what you set it to.